Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git://git.qubes-os.org/marmarek/core into pvusb2

Browse Source
This commit is contained in:
Alexandre Bezroutchko 2012-11-17 01:43:34 +01:00
commit 1beba9fdd5
29 changed files with 289 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Makefile
View File

@ -3,9 +3,12 @@ RPMS_DIR=rpm/
VERSION_DOM0 := $(shell cat version_dom0)
VERSION_VAIO_FIXES := $(shell cat version_vaio_fixes)
VERSION_VM := $(shell cat version_vm)
VERSION_LIBS := $(shell cat version_libs)
help:
@echo "make rpms -- generate binary rpm packages"
@echo "make rpms-vm -- generate binary rpm packages for VM"
@echo "make rpms-dom0 -- generate binary rpm packages for Dom0"
@echo "make update-repo-current -- copy newly generated rpms to qubes yum repo"
@echo "make update-repo-current-testing -- same, but to -current-testing repo"
@echo "make update-repo-unstable -- same, but to -testing repo"
@ -14,14 +17,18 @@ help:
rpms: rpms-vm rpms-dom0
rpms-vm:
rpms-libs:
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-libs.spec
rpm --addsign $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*.rpm
rpms-vm: rpms-libs
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm-kernel-placeholder.spec
rpm --addsign \
$(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm \
$(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*.rpm
rpms-dom0:
rpms-dom0: rpms-libs rpms-vaio-fixes
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec
rpm --addsign \
$(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm
@ -33,32 +40,47 @@ rpms-vaio-fixes:
update-repo-current:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../yum/current-release/current/dom0/rpm/
for vmrepo in ../yum/current-release/current/vm/* ; do \
dist=$$(basename $$vmrepo) ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\
done
update-repo-current-testing:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
for vmrepo in ../yum/current-release/current-testing/vm/* ; do \
dist=$$(basename $$vmrepo) ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\
done
update-repo-unstable:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
for vmrepo in ../yum/current-release/unstable/vm/* ; do \
dist=$$(basename $$vmrepo) ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\
done
update-repo-installer:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/
update-repo-template:
for vmrepo in ../template-builder/yum_repo_qubes/* ; do \
dist=$$(basename $$vmrepo) ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\
ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\
done
clean:
make -C dom0/qmemman clean

82
dom0/aux-tools/patch_appvm_initramfs.sh
View File

@ -1,82 +0,0 @@
#!/bin/sh
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
#
# This script can be used to patch the initramfs of the Qubes AppVM
# It inserts an additional script that is responsible for setting up
# COW-based root fs and VM private fs
#
INITRAMFS=$1
INITRAMFS_QUBES=$2
QUBES_COW_SETUP_FILE=$3
TMP_DIR=`mktemp -d /tmp/qubes-initramfs-patching-XXXXXXX`
if [ $# != 3 ] ; then
echo "usage: $0 <original initramfs to patch> <patched initramfs file> <qubes_cow_setup_file>"
exit 0
fi
if [ x$INITRAMFS = x ] ; then
echo "INITRAMFS missing!"
exit 1
fi
if [ x$INITRAMFS_QUBES = x ] ; then
echo "INITRAMFS_QUBES missing!"
exit 1
fi
if [ x$QUBES_COW_SETUP_FILE = x ] ; then
echo "$QUBES_COW_SETUP_FILE missing!"
exit 1
fi
ID=$(id -ur)
if [ $ID != 0 ] ; then
echo "This script should be run as root user. Apparently the initramfs files must have root.root owener..."
exit 1
fi
mkdir $TMP_DIR/initramfs.qubes || exit 1
cp $INITRAMFS $TMP_DIR/initramfs.cpio.gz
pushd $TMP_DIR/initramfs.qubes
gunzip < ../initramfs.cpio.gz | cpio -i --quiet || exit 1
cp $QUBES_COW_SETUP_FILE pre-udev/90_qubes_cow_setup.sh || exit 1
find ./ | cpio -H newc -o --quiet > $TMP_DIR/initramfs.qubes.cpio || exit 1
popd
gzip $TMP_DIR/initramfs.qubes.cpio || exit 1
mv $TMP_DIR/initramfs.qubes.cpio.gz $INITRAMFS_QUBES || exit 1
rm -fr $TMP_DIR || exit 1

2
dom0/misc/qubes-dispvm-firefox.desktop
View File

@ -1,7 +1,7 @@
[Desktop Entry]
Version=1.0
Type=Application
Exec=sh -c 'echo firefox | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 user red'
Exec=sh -c 'echo firefox | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red'
Icon=/usr/share/qubes/icons/dispvm-red.png
Terminal=false
Name=DispVM: Firefox web browser

15
dom0/qubes_rpc/qubes-receive-appmenus
View File

@ -47,11 +47,11 @@ fields_regexp = {
"Exec": re.compile(r"^[a-zA-Z0-9%>/:.= -]*$"),
}
def get_appmenus(xid):
def get_appmenus(vm):
global appmenus_line_count
global appmenus_line_size
untrusted_appmenulist = []
if xid == -1:
if vm is None:
while appmenus_line_count > 0:
untrusted_line = sys.stdin.readline(appmenus_line_size)
if untrusted_line == "":
@ -61,8 +61,7 @@ def get_appmenus(xid):
if appmenus_line_count == 0:
raise QubesException("Line count limit exceeded")
else:
p = subprocess.Popen ([qrexec_client_path, '-d', str(xid),
'user:QUBESRPC qubes.GetAppmenus dom0'], stdout=subprocess.PIPE)
p = vm.run('QUBESRPC qubes.GetAppmenus dom0', passio_popen=True)
while appmenus_line_count > 0:
untrusted_line = p.stdout.readline(appmenus_line_size)
if untrusted_line == "":
@ -184,14 +183,10 @@ def main():
new_appmenus = {}
if env_vmname is None:
# Get appmenus from VM
xid = vm.get_xid()
assert xid > 0
new_appmenus = get_appmenus(xid)
new_appmenus = get_appmenus(vm)
else:
options.verbose = False
new_appmenus = get_appmenus(-1)
new_appmenus = get_appmenus(None)
if len(new_appmenus) == 0:
print >>sys.stderr, "ERROR: No appmenus received, terminating"

18
dom0/qvm-core/qubes.py
View File

@ -778,8 +778,8 @@ class QubesVm(object):
# resize loop device
subprocess.check_call(["sudo", "losetup", "--set-capacity", loop_dev])
retcode = self.run("root:while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) +
"head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", wait=True)
retcode = self.run("while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) +
"head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", user="root", wait=True)
else:
retcode = subprocess.check_call(["sudo", "resize2fs", "-f", self.private_img])
if retcode != 0:
@ -1326,13 +1326,15 @@ class QubesVm(object):
return conf
def run(self, command, verbose = True, autostart = False, notify_function = None, passio = False, passio_popen = False, passio_stderr=False, ignore_stderr=False, localcmd = None, wait = False, gui = True):
"""command should be in form 'user:cmdline'
def run(self, command, user = None, verbose = True, autostart = False, notify_function = None, passio = False, passio_popen = False, passio_stderr=False, ignore_stderr=False, localcmd = None, wait = False, gui = True):
"""command should be in form 'cmdline'
When passio_popen=True, popen object with stdout connected to pipe.
When additionally passio_stderr=True, stderr also is connected to pipe.
When ignore_stderr=True, stderr is connected to /dev/null.
"""
if user is None:
user = self.default_user
null = None
if not self.is_running():
if not autostart:
@ -1354,7 +1356,7 @@ class QubesVm(object):
if gui and os.getenv("DISPLAY") is not None and not self.is_guid_running():
self.start_guid(verbose = verbose, notify_function = notify_function)
args = [qrexec_client_path, "-d", str(xid), command]
args = [qrexec_client_path, "-d", str(xid), "%s:%s" % (user, command)]
if localcmd is not None:
args += [ "-l", localcmd]
if passio:
@ -1437,7 +1439,7 @@ class QubesVm(object):
if verbose:
print >> sys.stderr, "--> Waiting for qubes-session..."
self.run('%s:echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d' % self.default_user, ignore_stderr=True, gui=False, wait=True)
self.run('echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d', ignore_stderr=True, gui=False, wait=True)
retcode = subprocess.call([qubes_clipd_path])
if retcode != 0:
@ -1895,7 +1897,7 @@ class QubesNetVm(QubesVm):
# force frontend to forget about this device
# module actually will be loaded back by udev, as soon as network is attached
vm.run("root:modprobe -r xen-netfront xennet")
vm.run("modprobe -r xen-netfront xennet", user="root")
try:
vm.attach_network(wait=False)
@ -2474,7 +2476,7 @@ class QubesHVm(QubesVm):
if kwargs.get('verbose'):
print >> sys.stderr, "--> Waiting for user '%s' login..." % self.default_user
p = self.run('SYSTEM:QUBESRPC qubes.WaitForSession', passio_popen=True, gui=False, wait=True)
p = self.run('QUBESRPC qubes.WaitForSession', user="SYSTEM", passio_popen=True, gui=False, wait=True)
p.communicate(input=self.default_user)
retcode = subprocess.call([qubes_clipd_path])

9
dom0/qvm-tools/qvm-run
View File

@ -85,6 +85,7 @@ def vm_run_cmd(vm, cmd, options):
return vm.run(cmd, autostart = options.auto,
verbose = options.verbose,
user = options.user,
notify_function = tray_notify_generic if options.tray else None,
passio = options.passio, localcmd = options.localcmd, gui = options.gui)
except QubesException as err:
@ -194,13 +195,7 @@ def main():
vms_list.append(vm)
for vm in vms_list:
if takes_cmd_argument:
cmd = "{user}:{cmd}".format(user=options.user if options.user else vm.default_user, cmd=cmdstr)
else:
cmd = None
vm_run_cmd(vm, cmd, options)
vm_run_cmd(vm, cmdstr, options)
if options.wait_for_shutdown:
if options.verbose:

8
dom0/qvm-tools/qvm-sync-clock
View File

@ -64,15 +64,15 @@ def main():
# Ignore retcode, try even if nm-online failed - user can setup network manually
# on-online has timeout 30sec by default
net_vm.run('DEFAULT:nm-online -x', verbose=verbose, wait=True, ignore_stderr=True)
net_vm.run('nm-online -x', verbose=verbose, wait=True, ignore_stderr=True)
# Sync clock
if clock_vm.run('root:QUBESRPC qubes.SyncNtpClock dom0', verbose=verbose, wait=True, ignore_stderr=True) != 0:
if clock_vm.run('QUBESRPC qubes.SyncNtpClock dom0', user="root", verbose=verbose, wait=True, ignore_stderr=True) != 0:
print >> sys.stderr, 'Time sync failed, aborting!'
sys.exit(1)
# Use the date format based on RFC2822 to avoid localisation issues
p = clock_vm.run('DEFAULT:date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True)
p = clock_vm.run('date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True)
date_out = p.stdout.read(100)
date_out = date_out.strip()
if not re.match(r'^[A-Za-z]+[,] [0-9][0-9] [A-Za-z]+ [0-9][0-9][0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [+]0000$', date_out):
@ -92,7 +92,7 @@ def main():
if verbose:
print >> sys.stderr, '--> Syncing \'%s\' clock.' % vm.name
try:
vm.run('root:date -u -R -s "%s"' % date_out, verbose=verbose)
vm.run('date -u -R -s "%s"' % date_out, user="root", verbose=verbose)
except Exception as e:
print >> sys.stderr, "ERROR syncing time in VM '%s': %s" % (vm.name, str(e))
pass

1
dom0/restore/qfile-daemon-dvm
View File

@ -68,6 +68,7 @@ class QfileDaemonDvm:
retcode = subprocess.call(['/usr/lib/qubes/qubes_restore',
current_savefile,
current_dvm_conf,
'-u', str(vm.default_user),
'-c', label.color,
'-i', label.icon,
'-l', str(label.index)])

22
dom0/restore/qubes_restore.c
View File

@ -139,7 +139,7 @@ void preload_cache(int fd)
}
}
void start_rexec(int domid)
void start_rexec(int domid, char *default_user)
{
int pid, status;
char dstr[40];
@ -150,7 +150,7 @@ void start_rexec(int domid)
exit(1);
case 0:
execl("/usr/lib/qubes/qrexec_daemon", "qrexec_daemon",
dstr, NULL);
dstr, default_user, NULL);
perror("execl");
exit(1);
default:;
@ -171,9 +171,9 @@ void start_guid(int domid, int argc, char **argv)
guid_args[0] = "qubes_guid";
guid_args[1] = "-d";
guid_args[2] = dstr;
for (i = 3; i < argc; i++)
guid_args[i] = argv[i];
guid_args[argc] = NULL;
for (i = 0; i < argc; i++)
guid_args[i+3] = argv[i];
guid_args[argc+3] = NULL;
execv("/usr/bin/qubes_guid", guid_args);
perror("execv");
}
@ -434,9 +434,11 @@ int main(int argc, char **argv)
FILE *conf;
char *name;
char confname[256];
char *default_user = NULL;
int guid_args_start = 3;
if (argc < 3) {
fprintf(stderr,
"usage: %s savefile conf_templ [guid args] \n", argv[0]);
"usage: %s savefile conf_templ [-u default_user] [guid args] \n", argv[0]);
exit(1);
}
redirect_stderr();
@ -448,6 +450,10 @@ int main(int argc, char **argv)
perror("fopen vm conf");
exit(1);
}
if (argc > 4 && strcmp(argv[3], "-u")==0) {
default_user = argv[4];
guid_args_start += 2;
}
dispid = get_next_disposable_id();
name = get_vmname_from_savefile(conf_templ);
netvm_id = get_netvm_id_from_name(name);
@ -472,7 +478,7 @@ int main(int argc, char **argv)
setup_xenstore(netvm_id, domid, dispid, name);
fprintf(stderr, "time=%s, starting qubes_guid\n", gettime());
rm_fast_flag();
start_rexec(domid);
start_guid(domid, argc, argv);
start_rexec(domid, default_user);
start_guid(domid, argc-guid_args_start, argv+guid_args_start);
return 0;
}

29
misc/RPM-GPG-KEY-qubes-1-primary
View File

@ -1,29 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQINBE92zX4BEADEOLD8SH3qZunNWnE0IFg4L0m7N33AfIjs8m0CdHi0xKFq8+aA
VOq+Bu2c/v56PSChpYRYqFymt4k7U254uta+bKhUve150Ov5ukCYIPNS/Fx5rRjY
uDLP9zQwlfrABpKNzP4PP9TKOcnb/B8aI8x0GtIa7hTPeBbuJSx6yeazzjHc5bco
8mL1x4nWTqD2n0Ze37B0e5VaVwJyP7+d17amQAWlDAWD/hus/GvTxGX6dT22UBXx
r4WWAGSjx2zT4xe25yysWg3CS0S3Z7ib3xSqdCILN7eCAX7baXTB7s+aziGw3cJJ
cUU2fzTGfGKJ4lAnQeI0gu2XBbHjygC6Kvp1HiyBNGHJ1FvoWqT1KDntFe/xKzTg
akcbqBaMqoUtcbkWNDb7TjrCh3xiwG9oQREuc6RbmMCR4De6fJhton2F9QGMJKg6
WXeA915v8cdHE4SSyZzXq/VdiMFZ9PX0tmFBBy4H7JfRv1bUZg4LStuosZHc9fBI
McV6ohokkWNDNRBrc86+3Pif+v1QqmQu4kjI+G+zXc27sVag/umh9BqziT03F0O4
Jq4cvgfTLj62PCqF+7vVJcBiezOE+NGqWkuDMBvcEX8fVrElhaRDsEqhlRfQUm+k
atene95aQ2vki6C7VqqYoJnSgN3D4WiF2psMRlwbfV7JRHkYkNbE6Oc7BQARAQAB
tB5RdWJlcyBPUyBSZWxlYXNlIDEgU2lnbmluZyBLZXmJAjgEEwECACIFAk92zX4C
GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOoBIBshEJOnafcQALoC5azP
rp5GQa87OKcSUCWY8u/PqUDnlrA708GpAi1cehR4eJKzAp9KEb6EWDTxRQYPFZSr
ijycLfCje8G0/owckEIcmIAkB1cMgY7a8JcM5G0Fvm0Rcr9mLfIVc++l0O4UAXgk
wAN7V3qGfVVIu8iMTO/2VJaTUdppWmK5RK0HxsOlPw/p9WyaFLe8koql1LwvrnqH
/Y7FV2O7w8Ha3nBpnWyn4wlBh39LRo/45WJx6iliyQweia32z3QywS5GzbdTqO9Z
oOIJNBHUu9GjGC3NC1tu3LPj2QrxJJaaysikvvYjsacUIviTDnUoZ0uNNSWSCUIF
Wgxn3PFn6hb+EiTa4T2XJGPNKnky0v7FAEWK1zfQzaGlsIHrCjHTk3xPliWqpRDY
DoBirg7Kd/mEZd8jjs8PFFs3QnolUV587642e6H/1w+zevE3GwD+M7cLD4XishRx
khfBYFr8HRRrHLJEszSOEod3yeYCHooxXY7589kGnGDY3E/qz2iOd6ee7RUslzwp
SURVaOCrM3sK1wL3kB9NiJ/b4vbggUMEpLrSqaaQF3Uc9Qi7teLev1L594Sgywoe
GWfVomnaV8KYy51k6Or+wVtB3Wx4FvZCI7Vy05BYMbrbbVD9H5b4+Vtrozj22wAj
Fe4itDzWHJUnZy6CNagwhz271QPh3GT/K58W
=2dJF
-----END PGP PUBLIC KEY BLOCK-----

31
misc/RPM-GPG-KEY-qubes-1-unstable
View File

@ -1,31 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQENBE9KHjMBCADgs1Zw+Gag5MXDqAHzVfo/JSJ0q7Oj096l+/TU0/P2qpoF7sTo
uLpDLCfOOSqil7omOKMjn6yl/73RAd4oWIRivJMQKjgD4Tk8qlLI1NrBGhEdwyLm
SZ+7CU79HzahN8w8+l9H978obIN6S0UD36z7su42QnFmKQqT0EnD1NVZpqvq1iKC
0o0TqhZ90QE8YqWxjnbjDkk1mX2K4iHNJJ2mS/r1+4fXqvHzcmSB+vopGGGXxNB7
fbNM6nI9RTpPecmnfKrqKrXYfHfyaLVUFXf2xZW/V85qq70dmEPi5g3YpRCXadJ+
wKt1uZvi4xomPCxymHooF9Fplzv9MpKVIDNlABEBAAG0J1F1YmVzIE9TIFJlbGVh
c2UgMSBVbnN0YWJsZSBTaWduaW5nIEtleYkBPgQTAQIAKAUCT0ogagIbAwUJAeEz
gAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ77E0ZaTirKEbpgf8C9zqmkqo
u+dudzcrPPUW12FjK2WAYQd7WNYpBY4wOmvOUkvq68FUJ0mwNyjEkNhvLnrxlMqn
Z9vraqw1m2FwIAJfmbpnvJ6LeldNj/SYbutY9Y320eQDgLDZp5Xk0w6z1+Q1RXVJ
AkU935sXhtmVYVa4Cnk7Su6lG0Une3b5dpE90M5ewehYllqsqmtKIwqbRaBmvM6y
QHVqOJwNNo9XK78r0dKvXigXBObqatwItM2gan2oF0dplwTD//DqjldBzZ4mgrN8
M/SZtynfTnoV8Yw7+JlsPCHIfcIXXWqJtLhNO3LqFAG6PwJX032eHNSrT+4UWIbP
q8Ccvhbxa7iNabkBDQRPSh4zAQgA7OyPodlWz93OuP8/Bh83dHDd1xV7tXByBDUX
O9am5uGKybcx3V8kBqJXbefds/aem1w2MLtDG+CxDC8Gi5gfNQNeCnIw3mpnZnMU
ZNjtXIn3VfKRyhmaHNvaNZiBzKovfjw152UuMsHfzsSMaWldj5J8oFz+eBthGJTT
uxktijIxHiZ/9RqzJLPMBQ5qRPbpqUn9piWEGxx2c4FbqeEOzzV49rX92adBPmUJ
KBo96vW+L6izE0RcQoTMhicbAqF+K2QUGzy0uTp5+G2V0q5HAfrCMIr1Zx93yuz0
yQZNNLsGYGnYjrFjYiRpJRBbxerlCdGjlwnfXCk5EKRNuqr5twARAQABiQElBBgB
AgAPBQJPSh4zAhsMBQkB4TOAAAoJEO+xNGWk4qyh33MIAIOS9A0rkmBTPZwAsdJv
sz/J9+8AvfwMisN2sKTfEBTO8kEnSPcBZuau3JxKCGHxaPwXhGmnc9xnz/TY3JCj
6ZUgjgQQ3iT/BJk+h6n4xom9NRw5hn4j4NeIpboC6p6JfcYzZyapUNFmAsrSjakw
RxxpaVLb4moOfYzS7i7JqsEetBwoYAeFZoPYZpo4VH9PUPVAih6psmO/bz6Y8W+/
tkXzViq15bwPUmDwBzX0nX0T8nQqMl85nCLDM2rVMs/lnVxfJas4QjTfzgeZOHQ6
0ikGqwlnyWk/oUzUXFV/P7sKAXoOaMSEVHtfSxLjVH0RYsAv6SotjHwPAatrynyp
gYY=
=UROF
-----END PGP PUBLIC KEY BLOCK-----

39
misc/RPM-GPG-KEY-qubes-2-primary Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFClJWMBEADyAZgyocTmLQA0VpEXJKNvziKwaRWWrfzHw992okqRH/7wHfLn
uXZCSeLnFH/u2r7fOearUBajI879YeG8EpQ71wfAybQYGF5ZJWoW4fOEAZKVP8bC
1z65kKZguPcLfBiOWMAhLd8qxB3Zx5vVBM+8pGZ5ToRYxK6ivNTGOJfkz0GMxWCT
q7kMhVpd9xO62pNbDYC884lXk/24CMDy9QDAhTiAPIB+6rN74zw0XYHo5BId9SuL
ougyO3SZObkLOnfaWWEfZGbyFwvZWXigdZ/OPR2EvynBRF/ruJNlmS0EkxGEOMO8
ASeeik4HblNhdVDgnUG1zsQ6AqS7tKsy/il55gE9teCAnAL7nPLW7YJmnbzdl6nF
HKiHp7rZ+AtbDjkFpGmcbemvD+9gneUhuCzO8YQygqApdTXlcC5bY14SRyFtVDMp
wD9XX0cVHyapMAbWedVTXqhcdQ88kWGZ85jHCaFXkl8JyGNsVYMchJF9D8iemgW+
IhwveVEN+5FA9Mrd9NrlgxxO9+BuOgGUPKuw3425cOI47Z3hwGrKm35poZfKqA3U
o1Dwz/JbKM7yNXaZeKrj7Sa0zkzMKXff6PRQTZKqnu/ooyOeNziXgulxLMl2qgYg
ZGijQ/VPwhoaoQtThfyUKc/ttozguAWj5K3Se/BUJJyn0as87RA+8mQD8wARAQAB
tB5RdWJlcyBPUyBSZWxlYXNlIDIgU2lnbmluZyBLZXmJAjgEEwECACIFAlClJWMC
GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAxzudQKQORYvqUQAPAMwdFu
vyR98Q18jzgW6k+5OXNOW53xET+zSZyO/Na7oHC7l8uSOrA8Cu054zeVPzaKMfmr
9bnmb6pfk73Yd/P5AMWXd7h7xZ27Jwi0lhLmxsjMB1fJEJ/bA65m//PxqgIC9PNT
alg0yVE66GdHCVsXJA2XFBTuRyJbLphU8dY1kNesHVdW+Msm+prGOrv+FFzTZDxT
jp87L+xKqTYKgmpphPeM5OzaEj3bOHg3SK1VTVrzRgVVRRKNJKuLIprx5SOpGZxf
5xoPqqdotR4PbM0HQ2gvWy/JlIntN+btVAvwS7e+gcr15oBVsU6uvVJQERZsBDFV
dDffkgOgGVimv21zcxj5RKaUYEpBTqkKZaV23iZ6SQPFBhrjNmljDganTe5tioVQ
mo52s875hYV9VSOLVFOn+pkS0kV5/kFVxoPwHZ+SRKsVcSrRnd9t/et4+VcOCdaC
jX9rYPVQOP019V94dNQWLHYZDBcUZE6zX3xujH2BY+iw5EtjkNl5flaLw+yEUp1o
fbPjOgu0oA6qfoeK/3JtV12RnA08yi35fPKEQ45Qx/Rfs3fMNxiTxD9qZIM3rzXD
nLiNb3cXzqO29iLjhohC17IZrNfSgL81c9NeZ17eKVbUmKicM70BzJyJUvum3bHB
CvO5f7WECZP8UKiqmT4ys6yIyRz1ZrnaY5O7iQIcBBABAgAGBQJQpScRAAoJEN36
Gj42h5SUMHYP/2orT2b87YIXkOa1fwnaJtvLbMOisdscCn5kOU+30oQF0HLcCvdT
3iHokH9qFAr2slFAHDumkXu/iMordpR1lGItwLF1v6+9yHor03p/LP1JcVl/0PDf
nH4q6P9gQwHjq3RYVOdgYHJsDz2VSbvcsIfODKSxr95TsR1LgYasab4gre64gW3Y
kS4ao9W3QUeglbcYUbeYR+mbZvzq1yMg2qIrv89cYcXGdJFrIrlc6biD7v1V5pRH
CbAX9oWNoaUzPeg99w13Adt2e9PBJoq4hhouk87xnBg1QrMnL2ubUHvgTaH28J7U
V2hAwiCcSUwlY5zLs0QVUr13cfvvbGwHSU4avP15Xzgn1VKv+PRlfXPriU3HgG4R
td/Fdz7C+sBMwf7lb+fQSqJdJyB9SojHYMdpz3HmYuGJCySgC59iV5LX1i3AWAMo
7CvFSfqdiKSsHUH4Nl2jnduEcq2Q0uODCXIVcsIlNK/KWEE8CoadKLl55Efdc9JJ
miiW+iHwyHsPM6pqVV4F2R9IL4Wl8Rveaplbj/+TGGblVVO293VhswUGeOSLbXx2
xzFkTUWU/OrmVOLj6aqId6EinWB5oGJaiuKgZt66sLTs1niUnIzOmqi7R/dZ2mUf
QX62MfVWCv8NfkyMhrOft6ggS0Axo4F8fAcIInVXalvs2YScLSWdq54k
=4+bD
-----END PGP PUBLIC KEY BLOCK-----

52
misc/RPM-GPG-KEY-qubes-2-unstable Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQINBFClIUgBEACp0upqK7inupk52+8PHmIZFbm4lkV7IL2S9b285x579s1qysq7
az0JMekouPzNCu9MGFzSktIWT2ti6JHsGgXmY2PoCMDnBCubx5/nPA2fial7yoKg
ZxzpXGb6ZMtx5GOjXgpryUrNukYwORVR/jZS0noDb8rNnbeKi8R0SgaxRTYyJPvB
ChMl1kVX6R15nHsd43ndkgcgSOGT22f/mxqOka9t2cB3HevfDvEJvz8PMkxRgb3n
GOHFJRLYNIGmSegMllkMjUhZpu1e7T940WC3TWzJfpTNIo1Dsj0GIhGGniebGn/L
BvUrmANxQ5rGMjTFOkSb/vKa/w9ss0OECeIL/K4+A6NQTKXLAoKJYA/bx75Dh2dU
E3H8e4KoYuP3Q1lmLfcU3sX7s/MeszTpYHoUWTKyQXZYJged4ihP/RKz5iHRuAu2
0fjPdb6RGJYYi/3TDEoVHkkYyL88wETygXeJW2XtBz33ITLyiB3qfxh8eO4tVre2
QCus0nTpW+dblbfpG1Eb77OJTGlOF3rYx1oEEokochROEstN4bn3fMGMl6zHwBID
tVNPvnQTjrBj7wksvc4xoJNe6Om0kNB7w58l6tCpa/oknW/N9XbwTgm1CI7lMWKD
paieqfJbSYifCHEt0uVzsitoV992xZ8PRoooghGhBGWqTOSC3UDvJuajwwARAQAB
tCdRdWJlcyBPUyBSZWxlYXNlIDIgVW5zdGFibGUgU2lnbmluZyBLZXmJAjgEEwEC
ACIFAlClIUgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECMUDzj1Me+n
h7wP/At7TBmp5R9fDVKulLfHM9xDMwNCjmdDcKNwF7xy7c18uzhOpA7ENzgZWTR1
lkLrr+OlqXVlThzN1YRgvSx0KghSAIf0wuu8eeNKX+r1QFxEtxNrCobzK4ToNTiT
xuPrycJgJBThj0gfq2jaSYGuhi79HYkgFYiRDOfaTms3hL8+oSq0HmDsu3/JSfse
LAHiXbNyNvn1vpt09JH40me4RNTN0N3pUm9c5+7G0jwcE8OQZkjS7h04rpjbrDQE
DHxadqgkwzP4aJm3l3u/OZF7npI16jpCYpV/mWyDbEj047EN/sJjV3KfuN+AdeAT
9C7HJlGKcobeQztjzJuvzIILuzPewn77d7gua5kezM89nM6TK7T48upizNrCHxbw
l2Z2DdzHfSHMWYT0LS4JAjvUyuu2iTWkMGmh8r3SrAmUecFk2/bP0A2MTb10z17K
mzMzRU/u1n5DEsWlHzkXLmHJCKgid0UHuRbPabPWEK3E0yNid9MBkJWMZTFaALx7
QMdF7QUc/2mEj2ILuNO4V0KHIBVHDwT+SYGXJ+wPY6nHSo5pIeiSWdNpozvKB24y
8OWc1ST/rA6RaEDajSRMUxEkTtH7rGeueTVMhG8JCWWhmgNeMusg5Jq6OTrSooys
c6EDJsD44QaHrJUn6fXwOuyAgmzjX9p04fga67npSFoNUm7vuQINBFClIUgBEADQ
gWsxXqwIpuLVvcaiIo9pvO3wkt2nzXpLr93vzy+0+DTO11ejRDj9fuIA/9h55Yz5
8snI9+aIKryDedhY+3/iv1izN9tsWyLms1V0xHdKC0RgmBxtJoHyPVdwgDu/86bd
61zbhZAsaVmtP2vOdRD4dgR8wtTDbKnr9j4S8mRLkPJnjp+9e+H+akVVYbTx+Qki
l5XU7ogZejZnTaAonK/jMsbIUF2d1iFdvkMr1I9xFqqHTLwO0tmH/ZDP/9jcMnf4
dmVWDA4ykegn9RY+24YZ0mLaZrkDpvtfUrzxcZnvHuLVfROnQzOcIoP27Ut1v9s6
A1uLq8zxy8+pyHBi/DPz2ae1/fMDNJnZcdo8qQFY2NzRnzL6SRZ1YBzWR8t8B0m4
AginEa+/61UNNyXjkHzqqkVPv1EZ01c44MhB1P8/HZXF7YX80c6N2TUuGhH9dVRa
5S7JWaee8Ib6MT7Nafn/rmLoXPtU5lLzo1SbcEBHbkZXw365BCzp9X+LfesXF9xj
h4ISrCTcjaE20QoE1cNOsvuiuVK9fRqKsfMxuju0SpvZl5cAGM603WPZBMehbJ8e
i2J4CXHOr7mF/ecAlTAr08nYuQTEEpAx7ad/BtrmHFa8IqEhsEqBNC7xuzwAuPI7
xiiO7/KgDyS0mJ8Xm+9DMP/1q/QxT7Z4Ni4x2U+/swARAQABiQIfBBgBAgAJBQJQ
pSFIAhsMAAoJECMUDzj1Me+nD80P/0HLsF0BfxPgm/raoYS9Cqve6/aP9pHtAODD
SVGrb//PKAddVqJnsCu0TPbULx0cAYztQHw8n7rAO6iNbrxhOa6kin2vvdO0mVQY
kl3a/bDyo8rP/xyMS8K4EE2DfCL1HSDAS2r37mzi8RZED2Yj9F0aBgTO7rGhSXWt
WsDzsPzP46b8mr8BLQ8NfxKlJFpyIq8DwPEasrS5sKXEVXvnY4ZQMa5C2qzg1+LC
c6lbQHPIOaUnENy9ApBepZT8a09Ol3/2Z75UOe2AM5vynT5iST8fdFJlpI1+Z/hs
b+ZQ2uoMVW+O1VVtq+20o1WQVu9pORIKIq7wbBsIq6mejCC+KIZ5RDUPehs97+sL
il546IMqllX0LP40hBM/JP7vZEknYhkGl/HuJyrhaNi8NI4ryrIO8VL2rSx/1eUP
5Yn7jC5T+7twk6yKnzLZYfAG3F3HMTVrp5QwygBc+xmInwqbgHf4fJgT1WOVelKq
1wfoF7DYRT7+J5gAJboYOvS4cIqXAgeeslW76jRKbaK0X/Fa06fiRw3vGSEWdr+A
r4Kv/RAEB5z4da5MT88CB3OtgiJofnsPb+A+TmjTPcmaV2LHH30U/1aD/3RERBHb
cpKz+AV6MQ/7XpQiusXK14ospdTScEVwruXlCyt0hbqTsijiReNV4lV9nXtfmrEL
L0XnT71B
=o46N
-----END PGP PUBLIC KEY BLOCK-----

13
misc/dispvm-prerun.sh
View File

@ -2,7 +2,12 @@
apps="evince /usr/libexec/evinced soffice firefox"
cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >/tmp/dispvm-dotfiles-errors.log
#If user have customized DispVM settings, use its home instead of default dotfiles
if [ -e /rw/home/user/.qubes-dispvm-customized ]; then
cp -af /rw/home/user /home/
else
cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >/tmp/dispvm-dotfiles-errors.log
fi
for app in $apps ; do
echo "Launching: $app..."
@ -22,6 +27,10 @@ done
ps ax > /tmp/dispvm-prerun-proclist.log
cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >>/tmp/dispvm-dotfiles-errors.log
if [ -e /rw/home/user/.qubes-dispvm-customized ]; then
cp -af /rw/home/user /home/
else
cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >>/tmp/dispvm-dotfiles-errors.log
fi
echo done.

1
misc/fstab
View File

@ -8,6 +8,7 @@
#
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdb /rw ext4 noauto,defaults 1 2
/rw/home /home none noauto,bind,defaults 0 0
/dev/xvdc1 swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0

12
misc/qubes.repo
View File

@ -1,20 +1,20 @@
[qubes-vm-current]
name = Qubes OS Repository for VM (updates)
baseurl = http://yum.qubes-os.org/r1/current/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
baseurl = http://yum.qubes-os.org/r2/current/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-primary
gpgcheck = 1
[qubes-vm-current-testing]
name = Qubes OS Repository for VM (updates-testing)
baseurl = http://yum.qubes-os.org/r1/current-testing/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary
baseurl = http://yum.qubes-os.org/r2/current-testing/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-primary
gpgcheck = 1
enabled=0
[qubes-vm-unstable]
name = Qubes OS Repository for VM (unstable)
baseurl = http://yum.qubes-os.org/r1/unstable/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-unstable
baseurl = http://yum.qubes-os.org/r2/unstable/vm/fc$releasever
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-unstable
gpgcheck = 1
enabled=0

2
misc/xl-qvm-usb-attach.py
View File

@ -45,4 +45,4 @@ else:
qvm_collection.unlock_db()
# launch
qvm_collection.get_vm_by_name(backendvm_name).run("root: %s" % cmd)
qvm_collection.get_vm_by_name(backendvm_name).run(cmd, user="root")

2
misc/xl-qvm-usb-detach.py
View File

@ -41,7 +41,7 @@ else:
qvm_collection.unlock_db()
# launch
qvm_collection.get_vm_by_name(backendvm_name).run("root: %s" % cmd)
qvm_collection.get_vm_by_name(backendvm_name).run(cmd, user="root")
# FIXME: command injection
os.system("xenstore-write /local/domain/%s/backend/vusb/%s/%s/port/%s ''"

8
rpm_spec/core-dom0.spec
View File

@ -38,6 +38,7 @@ License: GPL
URL: http://www.qubes-os.org
BuildRequires: xen-devel
Requires: python, xen-runtime, pciutils, python-inotify, python-daemon, kernel-qubes-dom0
Requires: qubes-core-libs
Requires: python-lxml
Conflicts: qubes-gui-dom0 < 1.1.13
Requires: xen >= 4.1.0-2
@ -99,7 +100,6 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/qubes
cp misc/qmemman.conf $RPM_BUILD_ROOT%{_sysconfdir}/qubes/
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp aux-tools/patch_appvm_initramfs.sh $RPM_BUILD_ROOT/usr/lib/qubes
cp aux-tools/unbind_pci_device.sh $RPM_BUILD_ROOT/usr/lib/qubes
cp aux-tools/unbind_all_network_devices $RPM_BUILD_ROOT/usr/lib/qubes
cp aux-tools/convert_apptemplate2vm.sh $RPM_BUILD_ROOT/usr/lib/qubes
@ -198,9 +198,6 @@ cp pm-utils/52qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/
mkdir -p $RPM_BUILD_ROOT/var/log/qubes
mkdir -p $RPM_BUILD_ROOT/var/run/qubes
install -D ../vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
install -D ../u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
install -d $RPM_BUILD_ROOT/etc/sudoers.d
install -m 0440 qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
@ -357,7 +354,6 @@ fi
%{python_sitearch}/qubes/__init__.pyc
%{python_sitearch}/qubes/__init__.pyo
%{python_sitearch}/qubes/qmemman*.py*
/usr/lib/qubes/patch_appvm_initramfs.sh
/usr/lib/qubes/unbind_pci_device.sh
/usr/lib/qubes/unbind_all_network_devices
/usr/lib/qubes/cleanup_dispvms
@ -436,8 +432,6 @@ fi
%attr(4750,root,qubes) /usr/lib/qubes/qrexec_daemon
%attr(2770,root,qubes) %dir /var/log/qubes
%attr(0770,root,qubes) %dir /var/run/qubes
%{_libdir}/libvchan.so
%{_libdir}/libu2mfn.so
/etc/yum.real.repos.d/qubes-cached.repo
/etc/sudoers.d/qubes
/etc/xdg/autostart/qubes-guid.desktop

73
rpm_spec/core-libs.spec Normal file
View File

@ -0,0 +1,73 @@
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
# Copyright (C) 2012 Marek Marczykowski <marmarek@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
%{!?version: %define version %(cat version_libs)}
Name: qubes-core-libs
Version: %{version}
Release: 1%{dist}
Summary: Qubes core libraries
License: GPL v2 only
Group: Development/Sources
Group: Qubes
Vendor: Invisible Things Lab
URL: http://www.qubes-os.org
Obsoletes: qubes-core-appvm-libs
Obsoletes: qubes-core-vm-libs
BuildRequires: xen-devel
%define _builddir %(pwd)
%description
The Qubes core libraries for installation inside a Qubes Dom0 and VM.
%build
make -C u2mfn
make -C vchan -f Makefile.linux
%install
install -D -m 0644 vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h
install -D -m 0644 u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h
install -D -m 0644 u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h
install -D vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
%files
%{_libdir}/libvchan.so
%{_libdir}/libu2mfn.so
%package devel
Summary: Include files for qubes core libraries
License: GPL v2 only
Group: Development/Sources
Obsoletes: qubes-core-appvm-devel
Obsoletes: qubes-core-vm-devel
%description devel
%files devel
/usr/include/libvchan.h
/usr/include/u2mfnlib.h
/usr/include/u2mfn-kernel.h

35
rpm_spec/core-vm.spec
View File

@ -40,11 +40,13 @@ Requires: ethtool
Requires: tinyproxy
Requires: ntpdate
Requires: qubes-core-vm-kernel-placeholder
Requires: qubes-core-libs
Provides: qubes-core-vm
Obsoletes: qubes-core-commonvm
Obsoletes: qubes-core-appvm
Obsoletes: qubes-core-netvm
Obsoletes: qubes-core-proxyvm
Obsoletes: qubes-upgrade-vm < 2.0
BuildRequires: xen-devel
%define _builddir %(pwd)
@ -183,13 +185,6 @@ install -D -m 0644 misc/xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11/xorg-prel
install -d $RPM_BUILD_ROOT/var/run/qubes
install -d $RPM_BUILD_ROOT/home_volatile/user
install -D -m 0644 vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h
install -D -m 0644 u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h
install -D -m 0644 u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h
install -D vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
%triggerin -- initscripts
cp /usr/lib/qubes/serial.conf /etc/init/serial.conf
@ -440,32 +435,6 @@ rm -rf $RPM_BUILD_ROOT
%attr(700,user,user) /home_volatile/user
%dir /mnt/removable
%package devel
Summary: Include files for qubes core libraries
License: GPL v2 only
Group: Development/Sources
Obsoletes: qubes-core-appvm-devel
%description devel
%files devel
/usr/include/libvchan.h
/usr/include/u2mfnlib.h
/usr/include/u2mfn-kernel.h
%package libs
Summary: Qubes core libraries
License: GPL v2 only
Group: Development/Sources
Obsoletes: qubes-core-appvm-libs
%description libs
%files libs
%{_libdir}/libvchan.so
%{_libdir}/libu2mfn.so
%package sysvinit
Summary: Qubes unit files for SysV init style or upstart
License: GPL v2 only

10
u2mfn/u2mfnlib.c
View File

@ -29,6 +29,11 @@
static int u2mfn_fd = -1;
int u2mfn_get_fd()
{
return open("/proc/u2mfn", O_RDWR);
}
static int get_fd()
{
if (u2mfn_fd == -1)
@ -38,11 +43,6 @@ static int get_fd()
return 0;
}
int u2mfn_get_fd()
{
return open("/proc/u2mfn", O_RDWR);
}
int u2mfn_get_mfn_for_page_with_fd(int fd, long va, int *mfn)
{
*mfn = ioctl(fd, U2MFN_GET_MFN_FOR_PAGE, va);

2
version_dom0
View File

@ -1 +1 @@
2.1.1
2.1.3

1
version_libs Normal file
View File

@ -0,0 +1 @@
2.1.0

2
version_vm
View File

@ -1 +1 @@
2.1.1
2.1.3

9
vm-init.d/qubes_core
View File

@ -65,14 +65,19 @@ start()
touch /rw/config/rc.local
mkdir -p /rw/home
cp -a /home.orig/user /home
cp -a /home.orig/user /rw/home
mkdir -p /rw/usrlocal
cp -a /usr/local.orig/* /usr/local
cp -a /usr/local.orig/* /rw/usrlocal
touch /var/lib/qubes/first_boot_completed
fi
fi
if [ -L /home ]; then
rm /home
mkdir /home
fi
mount /home
/usr/lib/qubes/qrexec_agent 2>/var/log/qubes/qrexec_agent.log &

10
vm-init.d/qubes_core_appvm
View File

@ -45,9 +45,15 @@ start()
echo -n $"Executing Qubes Core scripts for AppVM:"
if xenstore-read qubes_save_request 2>/dev/null ; then
ln -sf /home_volatile /home
possibly_run_save_script
if [ -L /home ]; then
rm /home
mkdir /home
fi
mount --bind /home_volatile /home
touch /etc/this_is_dvm
mount /rw
possibly_run_save_script
umount /rw
dmesg -c >/dev/null
free | grep Mem: |
(read a b c d ; xenstore-write device/qubes_used_mem $c)

15
vm-systemd/misc-post.sh
View File

@ -12,7 +12,7 @@ fi
# xenstore-read fails
INTERFACE=eth0 /usr/lib/qubes/setup_ip
if [ -e /dev/xvdb ] ; then
if [ -e /dev/xvdb -a ! -e /etc/this_is_dvm ] ; then
mount /rw
if ! [ -d /rw/home ] ; then
@ -24,18 +24,23 @@ if [ -e /dev/xvdb ] ; then
touch /rw/config/rc.local-early
mkdir -p /rw/home
cp -a /home.orig/user /home
cp -a /home.orig/user /rw/home
mkdir -p /rw/usrlocal
cp -a /usr/local.orig/* /usr/local
cp -a /usr/local.orig/* /rw/usrlocal
touch /var/lib/qubes/first_boot_completed
fi
# Chown home if user UID have changed - can be the case on template switch
HOME_USER_UID=`ls -dn /home/user | awk '{print $3}'`
HOME_USER_UID=`ls -dn /rw/home/user | awk '{print $3}'`
if [ "`id -u user`" -ne "$HOME_USER_UID" ]; then
find /home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown user:user
find /rw/home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown user:user
fi
if [ -L /home ]; then
rm /home
mkdir /home
fi
mount /home
fi
[ -x /rw/config/rc.local ] && /rw/config/rc.local

10
vm-systemd/prepare-dvm.sh
View File

@ -13,9 +13,15 @@ possibly_run_save_script()
}
if xenstore-read qubes_save_request 2>/dev/null ; then
ln -sf /home_volatile /home
possibly_run_save_script
if [ -L /home ]; then
rm /home
mkdir /home
fi
mount --bind /home_volatile /home
touch /etc/this_is_dvm
mount /rw
possibly_run_save_script
umount /rw
dmesg -c >/dev/null
free | grep Mem: |
(read a b c d ; xenstore-write device/qubes_used_mem $c)